From: Dave Brockman
------------------------------------------------------
On 2/25/2015 8:01 PM, Wil Wade wrote:
> So I took over maintenance of a site that the previous maintainer had
> let go a bit.
>
> Anyway trying to clean up a piece of malware on it. Getting these
> messages in the /var/log/messages:
>
> kernel: PWNED: IN=eth0 OUT= MAC=xxxxxxxxxxxxx SRC=202.46.50.38
> DST=10.4.185.11 LEN=60 TOS=0x00 PREC=0x00 TTL=35 ID=38094 DF PROTO=TCP
> SPT=54321 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
>
> Anyone have any ideas on what's going on?
>
> Running a few rootkit checkers on it now...
Reinstall from known good media and rebuild from data on that system,
carefully. You can *never* trust that system again.
Is this running on a Pi by any chance?
Regards,
dtb

From: Wil Wade
------------------------------------------------------
So I took over maintenance of a site that the previous maintainer had let
go a bit.
Anyway trying to clean up a piece of malware on it. Getting these messages
in the /var/log/messages:
kernel: PWNED: IN=eth0 OUT= MAC=xxxxxxxxxxxxx SRC=202.46.50.38
DST=10.4.185.11 LEN=60 TOS=0x00 PREC=0x00 TTL=35 ID=38094 DF PROTO=TCP
SPT=54321 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Anyone have any ideas on what's going on?
Running a few rootkit checkers on it now...
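The line Wil quotes is in the format written by the netfilter LOG target: whatever sits between "kernel:" and "IN=" is the --log-prefix of the LOG rule that fired, followed by key=value packet fields and bare flags such as DF and SYN. The script below is an added example, not something from this thread: it parses such lines out of /var/log/messages, counts them per prefix and per source/port, and lists any prefix you did not configure in your own firewall rules, which is the first thing to compare against the live ruleset (iptables-save prints each LOG rule with its --log-prefix). The sample lines, SAMPLE_LOG and the function names are constructed for the example; the addresses are documentation and private ranges.

```python
"""Parse netfilter LOG-target lines from a syslog file and summarise them."""
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the post's format (not real traffic);
# the addresses are documentation/private ranges, not real hosts.
SAMPLE_LOG = """\
Feb 25 19:58:01 web kernel: PWNED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.38 DST=10.4.185.11 LEN=60 TOS=0x00 PREC=0x00 TTL=35 ID=38094 DF PROTO=TCP SPT=54321 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 19:58:07 web kernel: PWNED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.38 DST=10.4.185.11 LEN=60 TOS=0x00 PREC=0x00 TTL=35 ID=38095 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 19:59:12 web kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=10.4.185.11 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 25 20:00:01 web CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
"""

KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_netfilter_line(line):
    """Return {'prefix', 'fields', 'flags'} for a LOG-target line, else None."""
    head, sep, rest = line.partition("IN=")
    if not sep or "kernel:" not in head:
        return None
    # Whatever sits between "kernel:" and "IN=" is the rule's --log-prefix.
    prefix = head.split("kernel:", 1)[1].strip()
    rest = "IN=" + rest
    fields = dict(KV_RE.findall(rest))
    # Bare tokens (DF, SYN, ACK, ...) carry no '=' and are packet flags.
    flags = [tok for tok in rest.split() if "=" not in tok]
    return {"prefix": prefix, "fields": fields, "flags": flags}


def summarize(log_text):
    """Count hits per log prefix and per (SRC, PROTO, DPT) within each prefix."""
    by_prefix = Counter()
    by_target = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        by_prefix[rec["prefix"]] += 1
        by_target[rec["prefix"]][(f.get("SRC"), f.get("PROTO"), f.get("DPT"))] += 1
    return by_prefix, by_target


def unexpected_prefixes(log_text, known_prefixes):
    """Prefixes seen in the log that are not among the ones you configured.

    A prefix you never put in your own rules means another LOG rule exists on
    the box; compare it against the --log-prefix values in `iptables-save`.
    """
    by_prefix, _ = summarize(log_text)
    return set(by_prefix) - set(known_prefixes)


if __name__ == "__main__":
    counts, targets = summarize(SAMPLE_LOG)
    for prefix, n in counts.most_common():
        print(f"{prefix!r}: {n} hit(s)")
        for (src, proto, dpt), k in targets[prefix].most_common():
            print(f"    {src} -> {proto}/{dpt}: {k}")
    print("unexpected prefixes:", unexpected_prefixes(SAMPLE_LOG, {"[UFW BLOCK]"}))
```

Run it against a real /var/log/messages by reading the file into `summarize()`; the prefix set is the useful part, since a prefix you cannot account for in your own ruleset is a stronger signal than the traffic it logs, and it fits Dave's advice: it tells you what to preserve for the post-mortem before rebuilding, not that the box can be trusted.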

From: Mike Harrison
------------------------------------------------------
Wow. Not sure what the other magic factors for this were, because I'd been
tweaking so many things. But at some point, I looked at Bodhi Linux's
"eepDater", a GUI tool for apt-get updating. It recommended
"bcmwl-kernel-source". Yeah, I'd tried that before. Screw it. Let's let
eepDater try installing it and the associated modules. When I tried it
from apt-get it'd complain about missing pieces (a special "wl" module,
for example) that I could not find the magic missing piece for.
It worked. :)
lsmod shows:
cfg80211 494330 1 wl
Now I wonder what was different about its interpretation of installing
that .deb and patching the kernel. But I am liking the result. Bodhi's
eepDater gets a big fat plus one.
http://www.unixmen.com/eepdater-gui-apt-get-package-updates-bodhi-linux/
On the hardware:
The matte finish HD screen on this is reminding me why I hate glossy
screens. It's awesome.

From: Dave Brockman
------------------------------------------------------
On 12/4/2014 8:28 PM, Wil Wade wrote:
> "The 85 Most Disruptive Ideas in Our History" [Our being Business Week's
> 85 year history]
>
> Open Source/Linux (not GNU :( ) came in at 23.
>
> Interesting that Apple was at 10 and Microsoft was nowhere to be seen
> except that they bought a small company named Forethought at 53.
>
> http://www.businessweek.com/features/85ideas/
And Apple gets credit for the "smartphone" in 2007. Guess they only
bothered to define a smartphone as an iPhone, I know there were
PDA+phone devices in the late/mid 90s, and I could browse on non-apple
products waaaay before 2007. I guess Novell and MS actually replacing
mainframes in the first place doesn't deserve a spot here, but < 15%
desktop market share, < 1% server market share, and < 15% global mobile
market share earns you lots of places in this silly list. Writer/Editor
is a FanBoi?
And it calls Linux an Operating System, so GNU is silently and
implicitly included in that statement, because we all know that Linux is
just a kernel, and without GNU, well, then you boot the Linux kernel and
run BSD or Solaris or some other weird shit that just makes you feel
unnatural...
Regards,
dtb

From: Phil Sieg
------------------------------------------------------
Got a new piece of kit. Here is how it happened:
My business partner got the new LG G3 5.5" but 20% smaller than the Galaxy Note 2/3 even though the screen is the same size. I have been VERY impressed with my Nexus 5 and his G3 is amazing, in fact almost perfect. The ONE THING it is lacking is the wireless Qi charging.
Well I am hooked on Qi the way a crack ho loves rock... yes it is that bad. If you don't have wireless charging, you think I am an idiot. If you do, you get it. There simply is no going back, not even for the iPhone 6.
The problem is that I am still dissatisfied with the battery life on my Nexus 5. I have rooted, rom-ed, kerneled, and tweaked this thing to death, and have gotten every last drop of energy out of it, and it just isn't enough, especially for international travel.
So I start reading up on hacking Qi into the G3, and find out that the G2 from Verizon has it built in.
For those of you that don't know, the LG G2 is the Nexus 5 on steroids. It is the exact same size with a .2 inch larger screen (5.2 vs 5.0) due to smaller bezels. It has a bigger battery, better camera, better screen, and the Verizon model's SIM slot is UNLOCKED. You can use the ATT Straighttalk SIM and it will do HSPA+ (4G) without hacking and LTE if you flash an AOSP rom.
OH and it doesn't have any stupid buttons on the side where they get pressed accidentally ALL THE TIME. The buttons for power/vol are in the center of the back just below the Camera...which actually rocks.
The best part: $225 on ebay for like new in the box 32GB!!!
So far I am digging it.
Will rant in a few days if battery life is disappointing.
No rant means I am pleased.
Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com
Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725
"The computer is the most remarkable tool that we've ever come up with. It's the equivalent of a bicycle for our minds."
Steve Jobs, 1955-2011

From: Phil Shapiro
------------------------------------------------------
Fascinating KernelPanic Oggcast (podcast) interview with school IT Director Charlie Reisinger who rolled out 1,700 Ubuntu laptops at his high school in Penn Manor, Pennsylvania.
http://kernelpanicoggcast.net/Oggcasts/KernelPanic

From: AverageSecurityGuy
------------------------------------------------------
Eric,
If this headhunter is on Twitter, he should tweet about the open
positions and include the hashtag #securitytwits or @securitytwits in
the tweet.
--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co
On Feb 5, 2014, at 1:13 AM, Eric Wolf wrote:
> A headhunter called me today mostly to ask for some information on
> what "reverse engineering" meant. He's trying to place an entire team of
> people at a company in Melbourne, FL. The salaries are generous because
> it sounds like they are looking for some real talent:
>
> ---------- Forwarded message ----------
> From: David Blackburn
> Date: Tue, Feb 4, 2014 at 11:12 AM
> Subject: Reverse Engineer Positions
> To: "ebwolf@gmail.com"
>
> Eric,
>
> Thanks for taking time out of your day to speak with me. Please pass
> this info on to anyone in your network you think might be a fit. If I
> can ever re-pay the favor and be a resource to you in any way please
> don't hesitate to reach out.
>
> They would like this team of 15 Engineers to live in Melbourne, Fla.
> Comp is between $100k - $200k base yearly salary depending on
> experience. Looking for all skill levels with experience in:
>
> * Reverse Engineering
> * Vulnerability Research
> * Wireless and Network Communications
> * Hypervisors
> * Malware
> * Mobile/Embedded Development
> * Win32/Linux Kernel development
> * Constraint Solving
> * Exploit mitigation techniques
>
> Thanks for the help. My number is 720-746-2522
>
> All the best
>
> David
>
> David Blackburn
> Senior Account Executive|Information & Technology
> Bradsby Group
> dblackburn@bradsbygroup.com
> Office: (720) 746-2522
> Fax: (303) 813-8101
>
> Bradsby Group has been ranked as the #1 Staffing Agency by the Denver
> Business Journal for 2008, 2009, 2010, 2011, 2012, and 2013
>
> The information contained in this email message is privileged and
> confidential information intended only for the use of the individual
> named above. If the reader of this message is not the intended
> recipient, or the employee or agent responsible to deliver it to the
> intended recipient, you are hereby notified that any dissemination,
> distribution or copying of this communication is strictly prohibited.
> If you have received this communication in error, please immediately
> notify us by telephone (call collect if you are outside our area code).
> Thank you.
>

From: Eric Wolf
------------------------------------------------------
A headhunter called me today mostly to ask for some information on what
"reverse engineering" meant. He's trying to place an entire team of people
at a company in Melbourne, FL. The salaries are generous because it sounds
like they are looking for some real talent:
---------- Forwarded message ----------
From: David Blackburn
Date: Tue, Feb 4, 2014 at 11:12 AM
Subject: Reverse Engineer Positions
To: "ebwolf@gmail.com"
Eric,
Thanks for taking time out of your day to speak with me. Please pass this
info on to anyone in your network you think might be a fit. If I can ever
re-pay the favor and be a resource to you in any way please don't hesitate
to reach out.
They would like this team of 15 Engineers to live in Melbourne, Fla. Comp
is between $100k - $200k base yearly salary depending on experience.
Looking for all skill levels with experience in :
* Reverse Engineering
* Vulnerability Research
* Wireless and Network Communications
* Hypervisors
* Malware
* Mobile/Embedded Development
* Win32/Linux Kernel development
* Constraint Solving
* Exploit mitigation techniques
Thanks for the help. My number is 720-746-2522
All the best
David
*David Blackburn*
*Senior Account Executive|Information & Technology*
*Bradsby Group*
*dblackburn@bradsbygroup.com *
*Office: (720) 746-2522 *
*Fax: (303) 813-8101 *
*Bradsby Group has been ranked as the #1 Staffing Agency by the Denver
Business Journal for 2008, 2009, 2010, 2011, 2012, and 2013*
*The information contained in this email message is privileged and
confidential information intended only for the use of the individual named
above. If the reader of this message is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient, you
are hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please immediately notify us by telephone (call
collect if you are outside our area code). Thank you.*

From: flushy@flushy.net
------------------------------------------------------
So, I have a small project I finished. Took me about two weeks of off
and on tinkering here and there on my work desktop. I spent probably
about an hour a day, sometimes off hours (via remote vpn), sometimes
no hours in a day, mainly on work days. This may not be useful to some
of you that have IT departments with piles of computers. However, this
is a cable company. Our IT department hates talking with us and uses
red tape to prevent requests.
All in all, I have about 8 hours of work in this. I was able to
perform this upgrade WHILE working, and performing other duties.
Sometimes, I was remote. Sometimes, I was at my desk.
The only downtime I had was the three reboots (initial 64-bit kernel,
boot into 64-bit install, final reboot to ensure settings).
I had one burp in that the new gentoo renames my ethernet interface to
something like enp0s25. Not a big deal to update.
[unrelated note, but it slightly complicates the upgrade]
My system's LVM partition is LUKS encrypted using a keyfile (dd
if=/dev/urandom) that I store on a small USB stick on my keychain. At
reboot, I have to plug in my usb stick (backed up at home and in other
places). If you don't have the keyfile plugged in, you can't access
the main drive's partition at boot up.
[Materials]
* Gentoo Linux installed about 5 years ago, with semi-frequent updates
over the years
* Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
* 8 gigs of RAM (using PAE extensions)
* 32-bit ABI (due to 64-bit support 5 years ago)
* 3.10.7-gentoo PAE SMP i686
* Luks encrypted partition
* LVM2 volumes including / on encrypted partition
* initramfs as initrd with rescue image and keyfile bootstrap
[Goals]
* Gentoo Linux updated
* 64-bit x86

From: Mike Harrison
------------------------------------------------------
Dave:
> Glad to see that my decision to leave RH with 7.3 is still a good one.
I'm having to do it for some contractual issues, and in one case because
the Ubuntu world went to a kernel that does not easily support the
hardware in place, and upgrading the hardware was not a good option right
now.
I'm planning on trying a straight Debian Server next.

From: Peter Veotsch
------------------------------------------------------
I got a new MacBook Air a few weeks ago and am very happy with it. The
battery life is excellent as has been reported. It is a vanilla machine
with VirtualBox installed and running Linux under VirtualBox.
The other day I downloaded and installed the GNU PGP suite for Mac OS X and
have been testing the email encryption. I recommend it to any of you Mac
users out there. Now for the paranoia.
This morning at about 7:45 AM I was searching for some friends on the key
servers. Most of my friends don't have public keys, and on a lark I entered
the name of Glenn Greenwald, the New York Times and Guardian reporter who
broke the NSA/Snowden stories. Turns out he has a 4096 bit encryption key.
Within minutes my MacBook Air froze up with a screen that said it had
encountered a problem and quit, blank screen, dead to the world. Wouldn't
power up.
After a few minutes it came back up and reported 2 kernel panics to Apple
(which I elected not to send). Everything seems normal now. If I'm
intercepted by Customs (here or in England) on my trip to Europe next week,
I'll let you know. Meanwhile, is it coincidence or have I gotten on a list?
BTW I'm sending this from a different machine.

From: kitepilot@kitepilot.com
------------------------------------------------------
Hey Lynn, from instructor to instructor, feel free to come get a taildragger
endorsement in my Bellanca 14-13 and it will be WAAAAY cheaper and WAAAAY
more fun than the dull airplanes from the FBO... ;-)
Gliders are an option too.
To place it in perspective, flying a single engine is like VBasic
programming.
Flying a glider is like writing a kernel module... ;-)
ET
PS: "(a good way to learn something is to teach it)"
Agree a thousand percent!
That's why I became CFI, CFIG, and I am working on my 'double II'
When I grow up and make some money I'll pursue float planes and helicopters.
Lynn Dixon writes:
> As an adjunct instructor at a local college (I teach 2 linux courses 2
> nights a week) the salary is what is keeping qualified individuals from
> teaching. I am only an Adjunct, and I really teach because I enjoy it, and
> it keeps me sharp on my skills (a good way to learn something is to teach
> it), I do not do it because the salary is great. Don't get me wrong, for
> the amount of work it's a good easy paying job, and it pays for my flight
> time at the local FBO, but unless I was a tenured Prof, at a university,
> there's no way in hell I would do it as my primary career.
>
>
> On Tue, Sep 10, 2013 at 12:25 AM, William Roush wrote:
>
>> Actually I think a better next step: why aren't skilled people like
>> Rikki looking to teach these kinds of classes? If we leave it to those at
>> the bottom of the skill set pole no amount of legislation will fix it and
>> will just continue to an inefficient hole to shovel money into rising
>> administrative costs.
>>
>> William Roush
>>
>> On 9/9/2013 11:08 PM, Phil Shapiro wrote:
>>
>>
>> I'm really proud that someone from the open source community (Rikki
>> Endsley)
>> had the courage and leadership to address this nasty underside of our
>> culture.
>>
>> If you're not leading the world to a better place, you're tolerating a
>> world that's too
>> messed up. Next step? New civil rights legislation that makes it a crime
>> for someone
>> to tolerate gender harassment in a classroom or workplace.
>>
>> phil
>>
>> ------------------------------
>> *From: *"Stephen Kraus"
>> *To: *"Chattanooga Unix Gnu Android Linux Users Group"
>>
>> *Sent: *Monday, September 9, 2013 10:54:21 PM
>> *Subject: *Re: [Chugalug] Blog post - "To my daughter's high
>> school programming teacher"
>>
>> What the hell....I hope this keeps going up. This is unacceptable.
>>
>>
>> On Mon, Sep 9, 2013 at 10:34 PM, Phil Shapiro wrote:
>>
>>> An important blog post by a tech reporter colleague, Rikki Endsley.
>>> http://tinyurl.com/puy6erh
>>>
>>> This blog post is currently number 1 on Hacker News (YCombinator).
>>>
>>> I did a screen grab --
>>>
>>> http://www.his.com/pshapiro/ToMyDaughters.png
>>>
>>> You can follow Rikki at http://www.twitter.com/rikkiends
>>>
>>> Retweet at
>>>
>>> https://twitter.com/rikkiends/status/377168772546957312
>>>
>>> You might want to send her a short, encouraging @ message.
>>> It took courage to write that blog post.
>>>
>>> phil
>>>
>>>
>>> --
>>> Phil Shapiro, pshapiro@his.com
>>> http://www.his.com/pshapiro/briefbio.html
>>> http://www.twitter.com/philshapiro
>>> http://www.his.com/pshapiro/stories.menu.html
>>>
>>> "Wisdom begins with wonder." - Socrates
>>> "Learning happens thru gentleness."
>>>
>>>
>>>

From: Peter Veotsch
------------------------------------------------------
I thought you need to use dev tap and a bridge setup in order to connect to
your internal network from remote locations over the VPN.
Also make sure your NIC is in the promiscuous mode.

Peter Voetsch

From: Nick Smith
------------------------------------------------------
Hello Chugalugers!
I've got a current install of Graylog2 on Ubuntu 12.04 and I'm trying to get
all my logs centralized in graylog2.
I am not seeing all the logs in graylog2, specifically from postfix.
The rsyslog file on the postfix server looks correct to me, but it's not
sending postfix logs to graylog2.
From what I read, if I put "*.* @syslog-server" in the conf file it should
forward all logs to whatever server I want and defaults to port 514 udp. I
get cron and sshd logs but nothing from postfix.
rsyslog.conf snippet:
#### RULES ####
*.* @syslog-server
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
There was a minus sign in front of /var/log/maillog and I thought that
might be causing it, so I took it out and it had no effect.
Anyone have any ideas what I could be doing wrong? Everything looks correct
to me from what I've found on google.
Thanks for the help.
--
--------------
Nick Smith
nick at nicksmith dot us
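The selector syntax in Nick's RULES block follows the sysklogd rules rsyslog inherits: a priority means that level and above, "=" means exactly that level, "none" drops a facility, "," lists facilities, ";" chains selectors left to right with later ones overriding earlier ones for the facilities they name, and a leading "-" on a file action only turns off syncing after each write. The script below is an added example, not part of the thread or of rsyslog: it replays that RULES block for a given facility.priority and lists the actions the message reaches, so you can see that postfix's mail.* messages match both the "*.* @syslog-server" forward and /var/log/maillog, which rules the selectors out as the cause and points the search at delivery instead (UDP 514 reaching the server, and whether postfix is actually logging through this rsyslog). RSYSLOG_RULES is a copy of the posted snippet with the comments dropped; the function names are mine.

```python
"""Evaluate classic rsyslog/sysklogd selector lines for one facility.priority."""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# The RULES block from the post, comments removed, reproduced as the input.
RSYSLOG_RULES = """\
#### RULES ####
*.* @syslog-server
#kern.* /dev/console
*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* /var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
"""


def parse_priority(text):
    """Return (level index, or None for 'none'; exact-match flag) for one token."""
    exact = text.startswith("=")
    name = text.lstrip("=")
    name = ALIASES.get(name, name)
    if name == "none":
        return None, exact
    if name == "*":
        return 0, False          # "*" means debug and above, i.e. everything
    return PRIORITIES.index(name), exact


def parse_selector(selector):
    """Map each facility to the (level, exact) threshold the selector gives it."""
    thresholds = {}
    for part in selector.split(";"):
        facilities, priority = part.rsplit(".", 1)
        level = parse_priority(priority)
        names = FACILITIES if facilities == "*" else facilities.split(",")
        for name in names:
            thresholds[name] = level     # later selectors override earlier ones
    return thresholds


def parse_rules(text):
    """Return [(selector, action, thresholds)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("$"):
            continue                      # comments and $-directives carry no rule
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        selector, action = parts
        rules.append((selector, action, parse_selector(selector)))
    return rules


def matches(thresholds, facility, priority):
    """Does a message of facility.priority pass this selector's thresholds?"""
    level = thresholds.get(facility)
    if level is None or level[0] is None:
        return False
    idx = PRIORITIES.index(ALIASES.get(priority, priority))
    return idx == level[0] if level[1] else idx >= level[0]


def describe(action):
    """Human-readable meaning of an action field."""
    if action.startswith("@@"):
        return f"forward over TCP to {action[2:]}"
    if action.startswith("@"):
        return f"forward over UDP (port 514 unless given) to {action[1:]}"
    if action == "*":
        return "write to every logged-in user's terminal"
    return f"append to {action.lstrip('-')}"     # leading '-' = no sync per write


def route(rules_text, facility, priority):
    """Actions, in config order, that a facility.priority message reaches."""
    return [action for _, action, th in parse_rules(rules_text)
            if matches(th, facility, priority)]


if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("cron", "info"), ("authpriv", "notice")]:
        print(f"{fac}.{pri}:")
        for action in route(RSYSLOG_RULES, fac, pri):
            print("   ", describe(action))
```

Because "*.* @syslog-server" names every facility at debug level, nothing in this block can exclude mail messages from the forward; if they show up in /var/log/maillog on the postfix box but not on the Graylog side, the selector is not where to keep looking.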